General
Target: e1d879e9b873962cde3f42e555a2583eca3c135d1f63aebfbbf3dd95f77a30cf
Size: 89KB
Sample: 220427-whn93abgan
MD5: 223f824fbc8cacd41d0e119034c1d043
SHA1: 3b8e9eff67bc8f37431b26dbcde55e0c1767519d
SHA256: e1d879e9b873962cde3f42e555a2583eca3c135d1f63aebfbbf3dd95f77a30cf
SHA512: 849c3d8345b4fcb22afc6786052e06cfa9cb5ac853a318e91be934dbeda7a15ebc068d2d6e2f8b2ad0d7fd88e30660f71703557512175808656c64e337d688e1
Static task: static1
Behavioral task: behavioral1
Sample: e1d879e9b873962cde3f42e555a2583eca3c135d1f63aebfbbf3dd95f77a30cf.exe
Resource: win7-20220414-en
Malware Config
Extracted family: systembc
C2: advertrex20.xyz:4044
C2: gentexman37.xyz:4044
Targets
Target: e1d879e9b873962cde3f42e555a2583eca3c135d1f63aebfbbf3dd95f77a30cf
Size: 89KB (MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
Signatures:
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query (alerted twice, once per C2 domain in the extracted config)
Executes dropped EXE
Looks up external IP address via web service: the sample queries a legitimate IP lookup service to learn the infected system's external IP.
Uses Tor communications: the sample can proxy its traffic through Tor to hide the real C2 endpoint from network monitoring.
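The report above gives two kinds of indicator a responder can act on: the SystemBC C2 endpoints (domain:port) from the extracted config and the dropped sample's file hashes. The following Python is an added example, not part of the sandbox report or of the SystemBC family itself; it matches those indicators against a few constructed, Zeek-style DNS and connection log lines (hypothetical data, not from a real capture) and against a file's digests, treating subdomains of a C2 domain as hits and a bare port-4044 connection as a lower-confidence hit.

```python
"""Match the IOCs from this SystemBC report against log lines and file hashes.

Added example, not code from the sandbox report. C2 hosts, port and hashes are
taken from the report above; the log lines below are constructed for the demo.
"""
import hashlib
import re

# IOCs from the report: SystemBC C2 endpoints and the sample's hashes.
C2_HOSTS = {"advertrex20.xyz", "gentexman37.xyz"}
C2_PORT = 4044
SAMPLE_HASHES = {
    "md5": "223f824fbc8cacd41d0e119034c1d043",
    "sha1": "3b8e9eff67bc8f37431b26dbcde55e0c1767519d",
    "sha256": "e1d879e9b873962cde3f42e555a2583eca3c135d1f63aebfbbf3dd95f77a30cf",
    "sha512": "849c3d8345b4fcb22afc6786052e06cfa9cb5ac853a318e91be934dbeda7a15e"
              "bc068d2d6e2f8b2ad0d7fd88e30660f71703557512175808656c64e337d688e1",
}

# Constructed log lines (hypothetical): "dns <src> query=<name> rcode=<code>"
# and "conn <src> -> <dst>:<port> proto=<proto>". Not from a real capture.
SAMPLE_LOGS = [
    "dns 10.0.0.5 query=www.microsoft.com rcode=NOERROR",
    "dns 10.0.0.5 query=advertrex20.xyz rcode=NXDOMAIN",
    "dns 10.0.0.5 query=sub.gentexman37.xyz rcode=NOERROR",
    "conn 10.0.0.5 -> 203.0.113.10:4044 proto=tcp",
    "conn 10.0.0.5 -> 203.0.113.10:443 proto=tcp",
    "conn 10.0.0.7 -> 198.51.100.2:4044 proto=tcp",
]

DNS_RE = re.compile(r"^dns\s+(\S+)\s+query=(\S+)")
CONN_RE = re.compile(r"^conn\s+(\S+)\s+->\s+(\S+):(\d+)")


def domain_matches(qname: str) -> bool:
    """True if qname is a C2 domain or a subdomain of one (case-insensitive,
    trailing dot tolerated). 'notadvertrex20.xyz' must not match."""
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in C2_HOSTS)


def scan_logs(lines):
    """Return (source_host, reason, raw_line) for every line matching an IOC.

    A DNS query for a C2 domain is a hit even if the answer was NXDOMAIN: the
    lookup itself is the behaviour the ET rule in the report alerts on.
    A connection to port 4044 alone is weak evidence and is labelled as such.
    """
    hits = []
    for line in lines:
        m = DNS_RE.match(line)
        if m and domain_matches(m.group(2)):
            hits.append((m.group(1), "dns:" + m.group(2), line))
            continue
        m = CONN_RE.match(line)
        if m and int(m.group(3)) == C2_PORT:
            hits.append((m.group(1), "port:%d" % C2_PORT, line))
    return hits


def digest_is_ioc(digest: str) -> bool:
    """Check a single hex digest (any of MD5/SHA1/SHA256/SHA512, e.g. from EDR
    telemetry) against the report's hashes."""
    return digest.strip().lower() in SAMPLE_HASHES.values()


def hash_matches(data: bytes) -> bool:
    """Hash raw file contents with all four algorithms and compare with the
    report; all four must agree for a match."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return digests == SAMPLE_HASHES


if __name__ == "__main__":
    for src, reason, raw in scan_logs(SAMPLE_LOGS):
        print(f"{src}\t{reason}\t{raw}")
```

Two practical points the code encodes: the DNS check fires on the query, not on a successful resolution, because a host that asks for a sinkholed or dead SystemBC domain is still infected; and a hit on port 4044 by itself should be corroborated (destination reputation, the DNS hits from the same host, or the Tor and IP-lookup behaviour noted above) before being escalated.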